Fun

Securing your crypto funds: Exchanges add support for hardware 2FA

News Feed - 2024-04-05 10:04:00

Rachel Wolfson10 hours agoSecuring your crypto funds: Exchanges add support for hardware 2FAAs phishing attacks rise, crypto exchanges tell users to keep their funds safe by using YubiKey devices and Passkeys, along with hardware wallets.555 Total views4 Total sharesListen to article 0:00AnalysisOwn this piece of crypto historyCollect this article as NFTJoin us on social networksPhishing scams are becoming increasingly common as criminals use emails, text messages and phone calls to trick victims into providing them with personal information. 


According to the National Cyber Security Centre in the United Kingdom, 29 million phishing scams have been reported since the beginning of 2024.


Blockchain security platform Scam Sniffer further found that over 324,000 crypto users fell victim to phishing scams in 2023. The “2023 Wallet Drainers Report” noted that around $295 million in digital assets were lost to wallet drainers in 2023.


As phishing scams rise, some cryptocurrency exchanges have started to encourage users to incorporate specific devices to protect their funds.Crypto exchanges recommend a second security layer


Jacob Klein, director and head of trust and safety at Coinbase, told Cointelegraph that Coinbase was one of the first crypto exchanges to provide YubiKey compatibility.


While Yubico introduced YubiKey devices in 2008, some crypto exchanges began allowing customers to use them following the first major bull run in 2019.


“YubiKey devices are the most secure form of authentication that we provide,” said Klein.


According to Klein, YubiKey devices can serve as a form of two-factor authentication (2FA), which Coinbase requires.


“This would mean a user would have to use their physical YubiKey device to access their account,” he said.


This can be helpful, as Klein noted that account passwords can get lost or even breached in phishing attacks.


“With all the phishing scams taking place, the question users must consider is, ‘How can I avoid myself from getting hacked?’ This is why a YubiKey may seem like the obvious and best solution to protect crypto funds,” he said.


Recent: Crypto bull run ignites surge in job listings, salary increases


Cryptocurrency exchange Binance also introduced YubiKey devices to users in 2019.


Jimmy Su, chief security officer at Binance, told Cointelegraph, “Having physical access to the Yubikey is what makes it the most secured 2FA method. The only way an attacker can bypass this is to gain access to YubiKey. This is in contrast to passing a one-time-password code via SMS or email, which is much more susceptible to phishing attacks.”Passkeys can also protect against phishing attacks


While YubiKey devices may be one of the best measures to protect against phishing, crypto exchanges have recently adopted newer solutions for users.


For example, Klein shared that Coinbase supports a new form of MFA called “passkeys,” which are “a form of user authentication that uses a cryptographic technique linked to a user’s device, like their smartphone.”


According to Klein, any Coinbase user can turn on the passkey option when accessing their account.


Khaja Ahmed, the chief information security officer at cryptocurrency exchange Gemini, told Cointelegraph Gemini also recently released support for passkeys, stating, “Since passkeys don’t involve an external physical device, they are somewhat more convenient than a physical YubiKey.”


Tom D’Eletto, head of product at crypto security platform Arculus, told Cointelegraph that while software passkeys are a step in the right direction, a hardware-bound passkey — whether it is a USB dongle or an NFC-enabled card — is the gold standard for security.


D’Eletto explained that “FIDO2” is an open standard used by both passkeys and YubiKeys. He shared that Arculus recently implemented its own FIDO2-certified keys, which come in the form of a metal credit card.The first YubiKey using the FIDO standard was released in 2014.


“USB hardware keys [...] have not achieved mainstream mass adoption despite being on the market for many years,” said D’Eletto. “Arculus puts a FIDO2 authenticator on a metal credit card form factor, allowing people with an Arculus authenticator to simply tap their card to the back of their phone to authenticate.”


D’Eletto said this provides users with a more familiar experience: “Think of this like an ATM experience — when you go to an ATM, to access your account, you use your PIN and your bank card. Arculus allows the same flow and secure authentication on your phone.”Protection against phishing scams, but not much else


Shahar Madar, vice president of security and trust products at Fireblocks, told Cointelegraph that it’s essential to understand that a YubiKey and similar physical devices do not hold a user’s wallet or private key.


“It is purely used by a wallet or an exchange to authenticate the end-user and receive their authorization for a transaction,” said Madar.


Madar said these devices’ most compelling use case is to mitigate end-user account takeovers. While this can protect users against phishing attacks, Madar emphasized that a YubiKey or passkey cannot protect against a cryptocurrency exchange hack.


Recent: AI token prices soar: Is it all hype, or is there real potential?


With this in mind, crypto users may want to consider keeping funds on a hardware wallet. Singapore authorities also recently recommended using hardware wallets for security against wallet drainer attacks.


Yet, hardware wallets are also prone to unique challenges. For instance, if a hardware wallet user were to lose their private keys, their crypto funds would likely become unrecoverable.


Klien noted that a YubiKey associated with a Coinbase account can be beneficial in this instance. “If a user were to lose their YubiKey device, they could still get back into their Coinbase account, as there is a method users can go through to regain account access,” he said.# Bitcoin# Coinbase# Cryptocurrencies# Altcoin# Bitcoin Wallet# Phishing# Security# Wallet# Ethereum# Technology# Adoption# Gemini# Hackers# Hardware Wallet# Cybersecurity# Binance# Scams# HacksAdd reactionRead moreBinance trading volumes hit yearly high at $1.12T in MarchPrice analysis 4/5: BTC, ETH, BNB, SOL, XRP, DOGE, ADA, AVAX, TON, SHIBAustralian Monochrome spot Bitcoin ETF expected to launch within 2 months, says CEO

News Feed

LBank Labs Invites Czhang to Join as Investment Group Member
LBank Labs Invites Czhang to Join as Investment Group Member press release PRESS RELEASE.Internet City, Dubai, Oct. 26, 2022 — Crypto Investment Group, LBank Labs, welcomes n
China’s Hebei Province Begins Crackdown on Crypto Mining and Trading, Reports Reveal
China’s Hebei Province Begins Crackdown on Crypto Mining and Trading, Reports Reveal Authorities in the Chinese province of Hebei have reportedly launched a campaign against cryp
Derek Andersen6 hours agoEthics watchdog rats out Circle for links to Tron in letter to Sens. Warren, BrownThe Campaign for Accountability wanted to let the anti-crypto senators know that the threat of terrorist financin
Huobi Partners With Astropay to Facilitate Fiat Payments in Latam
Huobi Partners With Astropay to Facilitate Fiat Payments in Latam Huobi Global, one of the biggest exchanges in volumes traded, has announced a partnership to make it easier for it
‘Ethereum Killers’ Managed to ‘Kill’ Themselves in 2022 Rather Than Beat the Smart Contract Economy’s Heavyweight Champ
‘Ethereum Killers’ Managed to ‘Kill’ Themselves in 2022 Rather Than Beat the Smart Contract Economy’s Heavyweight Champ At the end of 2021, a myriad of people thought a h
Nearly 500,000 Nigerian CBDC Wallets Downloaded Since Launch
Nearly 500,000 Nigerian CBDC Wallets Downloaded Since Launch Nearly half a million e-naira wallets have been downloaded a few weeks after the central bank digital currency (CBDC) w
It’s Too Soon to Write Libra’s Crypto Obituary
To paraphrase Mark Twain, rumors of the nation-state’s demise are greatly exaggerated. The exits of Mastercard, Visa, Paypal and four other firms from the Libra consortium ca
Tom Mitchelhill4 hours agoHong Kong to list ‘suspicious’ crypto platforms in wake of JPEX scandalIn the wake of the ongoing JPEX scandal, the Hong Kong Securities and Futures Commission says it will issue a public li
Report: UK Gold Dealer Sold Out of Bullion After Pound’s Record Fall Causes Demand to Skyrocket
Report: UK Gold Dealer Sold Out of Bullion After Pound"s Record Fall Causes Demand to Skyrocket The United Kingdom-based gold dealer, Ash Kundra, has claimed that he recently ran o
Salvadoran President Nayib Bukele Takes Aim at Bitcoin Detractors, Says the Ones Who Are Afraid ‘Are the World’s Powerful Elites’
Salvadoran President Nayib Bukele Takes Aim at Bitcoin Detractors, Says the Ones Who Are Afraid ‘Are the World’s Powerful Elites’ It’s been over a year since El Salvad
Nigeria’s foreign investment at risk due to Binance bribery allegations
Amaka Nwaokocha37 minutes agoNigeria’s foreign investment at risk due to Binance bribery allegationsSBM Intelligence emphasized that detaining foreign business officials could make it challenging for the country to att
Trump Admin Sanctions North Korean Hackers Behind Titanic Bitcoin Thefts
The Trump administration sanctioned North Korea"s Lazarus Group, which raked in $571 million from Bitcoin thefts. | Source: ShutterstockNorth Korea’s notorious state-sponsore